Welcome to STC Switzerland Travel Centre AG and our online presence, in particular SwitzerlandTravelCentre.ch
We are pleased to have aroused your interest in our products and services. We attach great importance to protecting your privacy and your personal data. For this reason, the collection and use of your data is always carried out in accordance with the provisions of the Genera Data Protection Regulation (EU) 2016/679 (GDPR), the Federal Data Protection Act (“Bundesdatenschutzgesetz” – DSG) and the Telemedia Act “Telemediengesetz” – TMG). As the party responsible for data privacy, we hereby provide you with information as to which data is collected by us and how we process this data.
1. Personal data
Personal data is defined by the GDPR as all information relating to an identified or an identifiable natural person; a natural person is regarded as identifiable if they can be identified directly or indirectly in particular by attribution to a means of identification such as a name, a code, location data, an online identifier or one or more features which reflect the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person. Personal data is only saved insofar as this is necessary in order to render the service you have booked, comply with statutory requirements and serve the purpose specified below.
2. Anonymised files/logfiles
You can visit our website without the need for personal data to be collected. However, every time you visit our website, certain anonymised data is saved, for example which page or which product/service was accessed. This data is not personal and is therefore not subject to the statutory provisions of the GDPR or the BDSG.
The website operator or page provider collects data via visits to the web page and saves these as server logfiles. In this way, a protocol is compiled of the following data:
website visited, time of access, volume of data sent in bytes, source/reference specifying the page from which access was made, browser used, operating system used, IP address used.
The data collected is used solely for the purpose of statistical analysis and to improve the website. However, the website operator reserves the right to examine the logfiles subsequently if there is any concrete indication of unlawful use.
Anonymous data is collected solely for the purpose of statistical analysis in order to improve our services. In this regard, please note the section “Right to information/right of cancellation”.
3. Purpose of collecting personal data
However, collection of personal data is essential when you use our website to book a trip or other service, get in contact with us, subscribe to our newsletter or use other facilities offered by our website where personal data is required for handling purposes. This also includes buying vouchers and entering competitions, for example.
In compliance with statutory regulations and in the interests of data economy, this generally only involves collecting the data required for providing the service in question. If we ask you to provide additional information in our forms, this is always voluntary and is designated accordingly.
Temporary saving of the IP address by the system is necessary in order to allow the website to be delivered to the user’s computer. For this purpose, the user’s IP address has to be saved for the duration of the session. Saving of this information in logfiles also serves the purpose of ensuring the proper functioning of the website. In addition, this data helps us optimise the website and ensure our IT systems are secure. In this connection, there is no analysis of the data for marketing purposes. These purposes also constitute our legitimate interest in data processing according to Article 6 Paragraph 1 Letter f GDPR.
If a trip or other service is booked, the data collected in order to handle this booking is used according to statutory requirements for promotional purposes and for statistical purposes.
The legal basis for sending out the newsletter as a result of selling goods or services is Section 7 Paragraph 3 Unfair Commercial Practices Act (“Gesetz gegen den unlauteren Wettbewerb” – UWG).
If you subscribe to our newsletter, we then use the data you submitted concerning your person and your trip to be able to provide optimum support for you as a newsletter subscriber based on Article 6 Paragraph 1 Letter f GDPR.
If the user has given their consent after registering for the newsletter, the legal basis for processing the data is Article 6 Paragraph 1 Letter a) GDPR.
Otherwise we use the personal data saved by us to maintain customer relations, to provide customer support (e.g. information on how your trip was handled), to implement our own advertising and marketing measures (e.g. send out catalogues and other advertising mails within the legal limits, to assess customer satisfaction and to process orders.
4. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject to undertake processing of personal data, Article 6 Paragraph 1 Letter a EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data is required in order to meet contractual obligations where the data subject is the contractual party, Article 6 Paragraph 1 Letter b GDPR serves as the legal basis. This also applies to processing measures required to implement pre-contractual measures.
Insofar as the processing of personal data is required in order to meet a statutory requirement to which our company is subject, Article 6 Paragraph 1 Letter c GDPR serves as the legal basis.
If it is the case that the vital interests of the data subject or another natural person make the processing of personal data necessary, Article 6 Paragraph 1 Letter d GDPR serves as the legal basis.
If processing is required in order to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and basic freedoms of the data subject do not override the first-mentioned interest, Article 6 Paragraph 1 Letter f GDPR serves as the legal basis for processing.
5. Disclosure of personal data to third parties
Your personal data is only made available within the limits of the relevant statutory provisions, in particular those of data privacy and competition law.
Insofar as is necessary for the service we are contractually required to provide or due to statutory requirements, your data is also made available to subcontractors or service providers so as to enable them to render the service on our behalf or under our authority (e.g. technical handling of post and e-mails, payment handling, customer service).
In addition, the data is made available to persons or companies to handle your booking, in particular transport companies, travel operators, hotels, travel agencies, car rental companies, cruise lines, authorities etc. Please note in this connection that the data privacy provisions in force in the countries in which these persons and companies are located may differ from those that apply in Germany.
What is more, we disclose and transfer your data to third parties insofar as we are obliged to do so by law or based on a final court ruling.
You have the right to receive the personal data relating to you in a structured, commonly used and machine-readable format. You also have the right to have this data sent to another responsible party without hindrance by the controller to whom the personal data was provided.
6. Saving and deletion of data
Your personal data is saved in the context of the purposes stated in the section “Purpose of collecting personal data”. The personal data of the data subject is deleted or blocked as soon as the purpose of saving no longer applies. Data can also be saved if this is required by European or national legislation as stipulated by EU directives or other provisions to which the controller is subject. The legislative authorities impose a diverse range of safekeeping obligations and periods. Data is also blocked or deleted when a safekeeping period required by the above-mentioned legal provisions expires, unless it is necessary to continue to save the data in order to conclude a contract or meet contractual obligations.
We apply cookies (small computer files containing text information which the web server sends to your internet browser) so as to improve your experience when visiting our website. If you allow us to apply a cookie, for example, certain messages only appear once. Our cookies also have an expiry date. If have not blocked the saving of cookies and you delete your cookies manually prior to expiry, you will receive a new one the next time your visit the website.
The technical specifications are such that cookies can only be read by the server that sent them. We assure you that no personal data is saved in the cookies.
If you do not accept cookies, use of our website is unfortunately subject to limitations. We therefore recommend activating cookies permanently for our website. Most internet browsers are set in such a way that they automatically accept cookies. However, you can deactivate the saving of cookies and set your internet browser in such a way that it notifies you whenever a cookie is sent.
The legal basis for the processing of personal data using cookies is Article 6 Paragraph 1 Letter f GDPR.
The legal basis for the processing of personal data using cookies for the purpose of analysis, providing the user’s consent has been given, is Article 6 Paragraph 1 Letter a) GDPR.
8. Use of Google Analytics
This website’s Google tracking codes use the function “_anonymizeIp()”, whereby IP addresses are only processed in abbreviated form in order to rule out any direct identification of persons. It is possible to object to the collection and saving of data at any time with effect for the future. Tracking is entirely suppressed by clicking on the “Deactivate” button. The browser has to accept cookies in order for this objection to remain in place on a permanent basis. Alternatively, data collection can be countered by the use of a Google browser plug-in so as to prevent the information collected by cookies (including your IP address) being sent to Google Inc. and used by Google Inc. The following link takes you to this plug-in: https://tools.google.com/dlpage/gaoptout?hl=de
9. Facebook social plug-ins
This website uses plug-ins provided by the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plug-ins can be identified by the Facebook logo (a white “f” on a blue tile or a “thumbs up” symbol) or else they bear the label “Facebook social plug-in”. The list and appearance of Facebook social plug-ins can be viewed here: http://developers.facebook.com/plugins
http://www.facebook.com/policy.php. If you are a member of Facebook and do not want data to be collected about you via our website and linked to data saved by Facebook about you as a member, you must log out of Facebook before visiting this website. It is also possible to block Facebook social plug-ins by means of add-ons for the browser used, such as the “Facebook Blocker”.
10. Facebook conversion pixel
This website uses the “Facebook Pixel” provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). This enables users’ behaviour to be tracked after they have viewed or clicked on a Facebook advertisement. This serves to analyse the effectiveness of Facebook advertisements for the purpose of statistics and market research and can help optimise future advertising.
The data collected is anonymous for us, so it does not allow any conclusions to drawn as to users’ identity. However, the data is saved and processed by Facebook, so in conjunction with the respective user profile, it is possible for Facebook to use the data for its own advertising purposes in line with the Facebook data policy (https://www.facebook.com/about/privacy/). The user can allow Facebook and its partners to place advertisements on Facebook and outside Facebook. What is more, Facebook can save a cookie on the user’s computer for this purpose.
11. Use of the Twitter tweet button
12. Use of Xing social plug-ins
13. Use of the LinkedIn social plug-in
This website uses plug-ins provided by the social network LinkedIn, which is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). The LinkedIn plug-ins can be identified by the relevant logo or the “Recommend” button. Please note that when your visit our website, the plug-in establishes a connection between your internet browser and the LinkedIn server. In this way, LinkedIn is informed that this website has been visited with your IP address. If you click on the LinkedIn “Recommend” button and are logged into your LinkedIn account at the same time, you can link a content item from our website to a page of your LinkedIn profile. In this way you enable LinkedIn to associate your visit to our website with you or your user account. Please appreciate that we have no knowledge of the content of the data sent or how it is used by LinkedIn.
For further details of data collection, the legal options open to you and the settings available, please refer to LinkedIn at http://www.linkedin.com/
14. Use of the Instagram button
This website uses social media plug-ins provided by the social network Instagram, operated by Instagram Inc., 1601 Willow Road, Menlo Park, California, 94025, USA. The Instagram plug-in can be recognised by the “Instagram button” on our homepage.
If you activate the Instagram button while you are logged into your Instagram account, content from our website can be linked to your Instagram profile. This allows Instagram to associate your visit to our pages with your user account.
15. Security, questions and ideas, controller
Not least, security also depends on your system. You should always treat your access details confidentially, never have your web internet browser save passwords and always close the browser when you have finished visiting our website. This makes it more difficult for third parties to gain access to your personal data.
Use an operating system that enables you to manage user rights. Set up several users on your system for your family, too, and never use the internet under administrator rights. Make use of security software such as virus scanners and firewalls and keep your system up-to-date on an ongoing basis.
The controller for this online presence as defined by the General Data Protection Regulation and other national data protection laws of the member states as well as other data privacy provisions is:
STC Switzerland Travel Centre AG
Tel. +41 43 210 5500
16. Right to information / right of cancellation; further rights of the data subject
You have the right:
• according to Article 15 GDPR to obtain information on the personal data concerning you which we process. In particular, you may obtain information on the purposes of the processing, the category of personal data, the categories of recipient to whom your data has been disclosed, the envisaged retention period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if it was not collected by us, and also the existence of any automated decision-making, including profiling and, if applicable, substantive details of how this works;
• according to Article 16 GDPR to obtain without undue delay the completion of your personal data saved by us or its correction if inaccurate;
• according to Article 17 GDPR to obtain erasure of your personal data saved by us, except where processing is required in order to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
• according to Article 18 GDPR to limit the processing of your personal data insofar as the accuracy of the data is disputed by you, processing is unlawful but you reject its erasure and we no longer require the data, and you require it for the establishment, exercise or defence of legal claims or you have filed an objection to the processing of the data according to Article 21 GDPR;
• according to Article 20 GDPR to receive your personal data which you have provided in a structured, commonly used and machine-readable format or to require it to be sent to another controller;
• according to Article 7 Paragraph 3 GDPR to withdraw your consent previously given to us at any time. The result of this is that we may no longer continue to process data based on this consent in the future
• according to Article 77 GDPR to lodge a complaint with a supervisory authority. For this purpose you can generally appeal to the supervisory authority at your usual place of residence or work or at the location of our registered offices.
You naturally enjoy this right free of charge. In order to cancel your consent to data use, apply for information, correction, blocking or erasure or else exercise other data subject rights, please contact:
STC Switzerland Travel Centre AG
17. Newsletter cancellation
If you no longer wish to receive our newsletter or our advertising e-mails, please click on the “Unsubscribe newsletter” link which appears at the end of all e-mails sent out by us.